summaryrefslogtreecommitdiff
path: root/src/security/vboot
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/vboot')
-rw-r--r--src/security/vboot/Kconfig1
-rw-r--r--src/security/vboot/Makefile.inc6
-rw-r--r--src/security/vboot/misc.h2
-rw-r--r--src/security/vboot/vboot_common.c2
4 files changed, 9 insertions, 2 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index a2af5d2564..2d5b20f50d 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -90,6 +90,7 @@ config VBOOT_STARTS_BEFORE_BOOTBLOCK
config VBOOT_STARTS_IN_BOOTBLOCK
bool
default n
+ depends on SEPARATE_ROMSTAGE
help
Firmware verification happens during the end of or right after the
bootblock. This implies that a static VBOOT2_WORK() buffer must be
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index f152444044..1b3568a1ec 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -43,7 +43,9 @@ $(1)-srcs += $$(VBOOT_LIB_$(1))
endef # vboot-for-stage
$(eval $(call vboot-for-stage,bootblock))
+ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y)
$(eval $(call vboot-for-stage,romstage))
+endif
$(eval $(call vboot-for-stage,ramstage))
$(eval $(call vboot-for-stage,postcar))
@@ -157,7 +159,11 @@ else # CONFIG_VBOOT_SEPARATE_VERSTAGE
ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
else
+ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y)
postinclude-hooks += $$(eval romstage-srcs += $$(verstage-srcs))
+else
+postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
+endif
endif
endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h
index 8310647760..a7069f38fe 100644
--- a/src/security/vboot/misc.h
+++ b/src/security/vboot/misc.h
@@ -48,7 +48,7 @@ static inline int verification_should_run(void)
if (CONFIG(VBOOT_SEPARATE_VERSTAGE))
return ENV_SEPARATE_VERSTAGE;
else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
- return ENV_ROMSTAGE;
+ return ENV_RAMINIT;
else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
return ENV_BOOTBLOCK;
else
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index f9080c585a..68df1406a7 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -29,7 +29,7 @@ static void save_secdata(struct vb2_context *ctx)
void vboot_save_data(struct vb2_context *ctx)
{
- if (!verification_should_run() && !(ENV_ROMSTAGE && CONFIG(VBOOT_EARLY_EC_SYNC))) {
+ if (!verification_should_run() && !(ENV_RAMINIT && CONFIG(VBOOT_EARLY_EC_SYNC))) {
if (ctx->flags
& (VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED
| VB2_CONTEXT_SECDATA_KERNEL_CHANGED))